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CLAIMS 

What is claimed is: 

1 1. A multi-word arithmetic device for executing modular 

2 arithmetic on multi-word integers, in accordance with 

3 instructions from an external device, the multi-word 

4 arithmetic device comprising: 

5 a memory; 

36 an arithmetic unit for executing, on word units, at least 

17 two types of calculation, including addition and 

r8 multiplication, and outputting a one-word calculation result; 
=9 a memory input/output circuit for performing (1) a first 

10 data transfer for storing in the memory at least one integer 

3.1 received from an external device, (2) a second data transfer 
for inputting at least one integer stored in the memory into 

13 the arithmetic unit in word units, (3) a third data transfer 

14 for storing in the memory the calculation result output from 

15 the arithmetic unit, and (4) a fourth data transfer for 

16 outputting the calculation result from the memory to the 

17 external device; and 

18 a control circuit for, according to instructions received 

19 from the external device, 

20 (a) specifying, to the memory input/output unit, data to 
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21 be transferred by the second and third data transfers, and 

22 (b) specifying, to the arithmetic unit, a type of 

23 calculation to be executed, 

24 thereby controlling: 

25 (i) the arithmetic unit to selectively perform one of at 

26 least two types of modular arithmetic on the at least one 

27 integer stored in the memory; and 

28 (ii) the memory input /output circuit to store the 

i;|9 calculation -result of the modular arithmetic into the memory. 

;:rl 2. The multi-word arithmetic device of Claim 1, wherein 

l~2 at least two integers are stored in the memory, 

£33 the arithmetic unit includes: 

^34 an adder for adding at least two pieces of one-word data; 

li5 and 

6 a multiplier for multiplying at least two pieces of one- 

7 word data , and 

8 the memory input/output circuit simultaneously reads one 

9 word from each of the at least two integers stored in the 

10 memory, and outputs the read words to one of the adder and the 

11 multiplier. 

1 3. The multi-word arithmetic device of Claim 2, wherein: 
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2 the memory is divided into two dual-port memories, each 

3 allowing access to two storage areas designated by two 

4 addresses, and allowing (1) two read operations, or (2) one 

5 read operation and one write operation to be performed 

6 simultaneously on word units; and 

7 the at least two integers are stored in each dual-port 

8 memory so that the memory input/output circuit can 

9 simultaneously (1) read a piece of one-word data 

;40 simultaneously from each of the integers stored in the two 

Ml dual-port memories, and have the read pieces of data input 

;J2 into . one of the adder and the multiplier, and (2) write a 

"43 piece of one-word data output from one of the adder and the 

;34 multiplier into one of the two dual-port memories. 

if! 

:zl 4. The multi-word arithmetic device of Claim 1, wherein 

2 the arithmetic unit, according to instructions from the 

3 control circuit, executes one of the following three 

4 calculations: (1) addition of at least two pieces of one-word 

5 data; (2) multiplication, of two pieces of one-word data; and 

6 (3) multiplication of two pieces of one-word data and 

7 accumulation of multiplication results. 

1 5. The multi-word arithmetic device of Claim 4, wherein 
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2 the arithmetic unit includes: 

3 a multiplier receiving an input of two pieces of one-word 

4 data and outputting a piece of two-word data; 

5 an adder receiving an input of at least two pieces of two- 

6 word data, including a piece of two-word data output from the 

7 multiplier, and outputting a piece of multi-word data; and 

8 a selecting circuit selecting, according to instructions 

9 from the control circuit: 

;;;J0 (1)/ data to be input into one of the multiplier and the 

Lll adder out of data transmitted from the memory input /output 

';32 circuit; and 

/43 (2) data to be output as the calculation result out of data 

;;14 output from one of the adder and the multiplier. 

6. The multi-word arithmetic device of Claim 1, wherein 

2 the at least two types of modular arithmetic include modular 

3 addition, and 

4 on receiving, from the external device, an instruction to 

5 execute modular addition and an indication of a number of 

6 words n for each integer on which modular addition is to be 

7 performed, the control circuit controls the memory 

8 input/output circuit and the arithmetic unit to execute the 

9 following processing: 
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10 (1) the memory input /output circuit obtains from the 

11 external device and stores in the memory two n-word integers A 

12 and B on which modular addition is to be executed and a n-word 

13 integer P showing a modulus; 

14 (2) the memory input/output circuit (a) reads 

15 simultaneously, from the integers .A, B and P stored in the 

16 memory, pieces of one-word data a, b and p, each with a same 

17 digit position, and has the read pieces of data input into the 
r48 arithmetic unit, while (b) storing in the memory a piece of 
)J\9 one-word data w output from the arithmetic unit, and repeats 
;:|0 processes (a) and (b) sequentially from a lowest-order word in 
l&l each integer until n words of data are obtained, enabling an 
i;22 n-word integer W to be stored in the memory; and 

j i?3 (3) the arithmetic unit repeats n times a process in which 

;;J4 the pieces of data a, b and p received from the memory 

25 input/output circuit are computed as a + jb - p, propagating a 

26 carry, and a result w is output. 

1 7. The multi-word arithmetic device of Claim 6, wherein 

2 the control circuit determines whether a carry has been 

3 generated by the arithmetic unit immediately after completion 

4 of the processing (1) to (3) and if a carry has been 

5 generated, further controls the memory input/output circuit 
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6 and the adder to execute the following processing: 

7 (4) the memory input/output circuit (a) reads 

8 simultaneously, from the integers W and P stored in the 

9 memory, pieces of one-word data w and p, each with a same 

10 digit position, and has the read pieces of data input into the 

11 arithmetic unit, while (b) storing in the memory a piece of 

12 one-word data c output from the arithmetic unit and repeats 

13 processes (a) and (b) sequentially from a lowest-order word in 
|4 each integer until n words of data are obtained, enabling an 
15 n-word integer C to be stored in the memory; and 

J6 (5) the arithmetic unit repeats n times a process in which 

=|7 the pieces of data w and p received from the memory 

38 input/output circuit are computed as w + p, propagating a 

|9 carry, and a result c is output. 

1 8. The multi-word arithmetic unit of Claim 1, wherein the 

2 at least two types of modular arithmetic include Montgomery 

3 reduction calculating a residue for A-R A (-1) mod P, when each 

4 word has k bits, A is a 2n-word integer used for input data, R 

5 is an integer 2 A (k*n) and P is an n-word integer; and 

6 upon receiving, from the external device, an instruction to 

7 execute Montgomery reduction and an indication of a number of 

8 words 2n for an integer A on which Montgomery reduction is to 
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be performed, the control circuit controls the memory 
input/output circuit and the arithmetic unit, to execute 
Montgomery reduction . 

9. The multi-word arithmetic device of Claim 8, wherein, 
when receiving an instruction to execute Montgomery reduction 
from the external device, the control circuit controls the 
memory input/output circuit and the arithmetic unit so as to 
execute the following processing: 

(1) the memory input /output circuit acquires integers A, P 
and V from the external device and stores the obtained 
integers in the memory, the integer V being -P A (-1) mod R; 

(2) the arithmetic unit computes partial products for words 
from each of (i) a lower n words of the integer A stored in 
the memory, and (ii) the integer V, and accumulates words in 
partial products having a same digit position, repeating the 
process sequentially from a lowest word in each integer until 

n words of accumulated results are obtained, and storing the 
accumulated results in the memory as ' a piece of n-word 
intermediate data B; 

(3) the arithmetic unit computes partial products for words 

from each of (a) the piece of intermediate data B and (b) the 

integer P stored in the memory, and accumulates words in the 
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20 partial products having a same digit position so that, when a 

21 lowest word is a 0th word, accumulated results for a 0th to 

22 (n-3)th word are not obtained, but accumulated results for a 

23 (n-2)th word to a (2n-l)th word are obtained and stored in the 

24 memory as the upper (n+1) words of a piece of intermediate 

25 data D; 

26 (4) the arithmetic unit (a) generates (i) a carry obtained 

27 from a one-word addition performed by adding a lowest word 
|8 from each of the piece of intermediate data D and an integer 

29 AA, and (ii) a one-bit logical value, the integer AA being an 

30 upper (n+1) words of the integer A, and the one-bit logical 

§1 value being 0 when a one-word addition result is 0, and 1 when 

32 the one-word addition result is not 0, and (b) adds an upper n 

§3 words of the piece of intermediate data D, an upper n words of 

54 the integer AA, the carry and the one-bit logical value, by 

35 repeating addition of word units sequentially from a lowest 

36 word in each integer, while propagating a carry, until n words 

37 of data are obtained, and stores an addition result in the 

38 memory as a piece of n-word output data M; and 

39 (5) when the output data M stored in the memory is at least 

40 as large as the integer P, the arithmetic unit subtracts the 

41 integer P from the output data M until the output data M is 0 

42 or a positive integer smaller than the integer P, by repeating 
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43 subtraction of word units sequentially from a lowest word in 

44 each integer, while propagating a carry, until n words of data 

45 are obtained, and stores the subtraction results in the memory 

46 as a new piece of n-word output data .M. 

1 10. The multi-word arithmetic device of Claim 9, wherein 

2 in processing (4), the arithmetic unit adds a piece of one- 

3 word data containing all ones to the piece of intermediate 
:34 data D and the integer AA, and stores an upper n words of an 
: H5 obtained addition result in the memory as the output data M. 

'gl 11. The multi-word arithmetic device of Claim 10, wherein, 

;32 in processing (2) and (3), the arithmetic unit selects sets of 

;^3 word pairs, each set formed from all the pairs of words that 

:%4 generate a partial product with a same digit position, sets 

5 input values in the multiplier, and computes and accumulates 

6 the partial products for the selected pairs of words in 

7 sequence from the set with a lowest digit position. 

1 12. The multi-word arithmetic device of Claim 11, wherein, 

2 in processing (2) and (3), the arithmetic unit stores in the 

3 memory as part of a multiplication result a lower word from a 

4 two-word accumulated result obtained by accumulating partial 
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5 products with the same digit position, and adds an upper word 

6 from the accumulated result to partial products that have a 

7 digit position one word higher and are thus the next to be 

8 calculated. 

1 13. The. multi-word arithmetic device of Claim 12, wherein 

2 the arithmetic unit performs an operation for storing a lower 

3 word from the accumulated result in the memory simultaneously 

4 with an operation for adding an upper word from the 

5 accumulated result to partial products that have a digit 

6 position one word higher and are thus the next to be 

7 calculated. 

1 14. The multi-word arithmetic device of Claim 10, wherein, 

2 when computing and accumulating partial products in processing 

3 (2) and (3) , the arithmetic unit updates accumulated values by 

4 (a) simultaneously (i) computing a partial product and (ii) 

5 reading a previously accumulated one-word value from the 

6 memory, (b) adding the accumulated one-word value to a 

7 corresponding word in the partial product, and (c) storing a 

8 result of the addition in a corresponding area of the memory. 

1 15. A multi-word arithmetic device for executing modular 
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2 arithmetic on multi-word integers, in accordance with 

3 instructions from an external device, the multi-word 

4 arithmetic device comprising: 

5 a memory; 

6 an arithmetic unit for executing, on word units, at least 

7 two types of calculation, including addition and 

8 multiplication, and outputting a one-word calculation result; 

9 a memory input/output circuit for performing (1) a first 
-~i0 data transfer for storing in the memory at least one integer 

. j 

S S1 received from an external device, (2) a second data transfer 

:|2 for inputting at least one integer stored in the memory into 

'is the arithmetic unit in word units, (3) a third data transfer 

:%4 for storing in the memory the calculation result output from 

;35 the arithmetic unit, and (4) a fourth data transfer for 

:j6 outputting the calculation result from the memory to the 

17 external device; and 

18 a control circuit for, according to instructions received 

19 from the external device, 

20 (a) specifying, to the memory input/output unit, data to 

21 be transferred by the second and third data transfers, and 

22 (b) specifying, to the arithmetic unit, a type of 

23 calculation to be executed, 

24 thereby controlling: 
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25 (i) the arithmetic unit to selectively perform one of at 

26 least two types of modular arithmetic on the at least one 

27 integer stored in the memory; and 

28 (ii) the memory input /output circuit to store the. 

29 calculation result of the modular arithmetic into the memory, 

30 wherein the at least two types of modular arithmetic 

31 include modular addition and Montgomery reduction; and 

32 the control circuit controls the memory input/output 

=§3 circuit and the arithmetic unit so that the arithmetic unit 

,34 (1) computes A+B mod P when an instruction for executing 

;35 modular addition is received from the external device, A, B 

z i6 and P being n-word integers, and (2) computes a residue for A* 

;§7 R A (-1) mod P, when an instruction for executing Montgomery 

=38 reduction is received from the external device, each word 

;§9 having k bits, A being a 2n-word integer used as input data, R 

40 being an integer 2" (k*n) and P being an n-word integer. 

1 16. The multi-word arithmetic unit of Claim 15, wherein 

2 the arithmetic unit includes: 

3 a multiplier receiving an input of two pieces of one-word 

4 data and outputting a piece of two-word data; 

5 an adder receiving an input of at least two pieces of two- 

6 word data, including a piece of two-word data output from the 
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7 multiplier, and outputting a piece of multi-word data; and 

8 a selecting circuit selecting, according to instructions 

9 from the control circuit: 

10 (1)/ data to be input into one of the multiplier and the 

11 adder out of data transmitted from the memory input/output 

12 circuit; and 

13 (2) data to be output as the calculation result out of data 

14 output from one of the adder and the multiplier. 

nl 17. The multi-word arithmetic unit of Claim 16, wherein 

?2 the memory is divided into two dual-port memories, each 

3 

1:3 allowing access to two storage areas designated by two 

^4 addresses, and allowing (1) two read operations, or (2) one 

35 read operation and one write operation to be performed 

^6 simultaneously on word units; and 

7 the at least two integers are stored in each dual-port 

8 memory so that the memory input/output circuit can 

9 simultaneously (1) read a piece of one-word data 

10 simultaneously from each of the integers stored in the two 

11 dual-port memories, and have the read pieces of data input 

12 into one of the adder and the multiplier, and (2) write a 

13 piece of one-word data output from one of the adder and the 

14 multiplier into one of the two dual-port memories. 
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